在 Elasticsearch 中查找特定时间带过滤器的文档数
Find the number of documents with filter at a particular time in Elasticsearch
我在 elasticsearch 中有文档,其中每个文档如下所示:
{
"id": "T12890ADSA12",
"status": "ENDED",
"type": "SAMPLE",
"updatedAt": "2020-05-29T18:18:08.483Z",
"audit": [
{
"event": "STARTED",
"version": 1,
"timestamp": "2020-04-30T13:41:25.862Z"
},
{
"event": "INPROGRESS",
"version": 2,
"timestamp": "2020-05-14T17:03:09.137Z"
},
{
"event": "INPROGRESS",
"version": 3,
"timestamp": "2020-05-17T17:03:09.137Z"
},
{
"event": "ENDED",
"version": 4,
"timestamp": "2020-05-29T18:18:08.483Z"
}
],
"createdAt": "2020-04-30T13:41:25.862Z"
}
如果我想知道在给定的特定时间 STARTED state 中的文档数量。我怎样才能做到这一点?它应该使用事件字段中每个事件的时间戳。
编辑:索引映射如下:
{
"id": "text",
"status": "text",
"type": "text",
"updatedAt": "date",
"events": [
{
"event": "text",
"version": long,
"timestamp": "date"
}
],
"createdAt": "date"
}
为了达到你想要的效果,你需要确保 events 数组是 nested 类型,因为你有两个条件需要应用到每个数组元素上,而这仅当 events 嵌套时才有可能:
"events" : {
"type": "nested", <--- you need to add this
"properties" : {
"event" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timestamp" : {
"type" : "date"
},
"version" : {
"type" : "long"
}
}
},
然后您将能够运行以下nested查询:
{
"query": {
"nested": {
"path": "events",
"query": {
"bool": {
"must": [
{
"range": {
"events.date": {
"gte": "2020-06-08",
"lte": "2020-06-08"
}
}
},
{
"term": {
"events.event": "STARTED"
}
}
]
}
}
}
}
}
我在 elasticsearch 中有文档,其中每个文档如下所示:
{
"id": "T12890ADSA12",
"status": "ENDED",
"type": "SAMPLE",
"updatedAt": "2020-05-29T18:18:08.483Z",
"audit": [
{
"event": "STARTED",
"version": 1,
"timestamp": "2020-04-30T13:41:25.862Z"
},
{
"event": "INPROGRESS",
"version": 2,
"timestamp": "2020-05-14T17:03:09.137Z"
},
{
"event": "INPROGRESS",
"version": 3,
"timestamp": "2020-05-17T17:03:09.137Z"
},
{
"event": "ENDED",
"version": 4,
"timestamp": "2020-05-29T18:18:08.483Z"
}
],
"createdAt": "2020-04-30T13:41:25.862Z"
}
如果我想知道在给定的特定时间 STARTED state 中的文档数量。我怎样才能做到这一点?它应该使用事件字段中每个事件的时间戳。
编辑:索引映射如下:
{
"id": "text",
"status": "text",
"type": "text",
"updatedAt": "date",
"events": [
{
"event": "text",
"version": long,
"timestamp": "date"
}
],
"createdAt": "date"
}
为了达到你想要的效果,你需要确保 events 数组是 nested 类型,因为你有两个条件需要应用到每个数组元素上,而这仅当 events 嵌套时才有可能:
"events" : {
"type": "nested", <--- you need to add this
"properties" : {
"event" : {
"type" : "text",
"fields" : {
"keyword" : {
"type" : "keyword",
"ignore_above" : 256
}
}
},
"timestamp" : {
"type" : "date"
},
"version" : {
"type" : "long"
}
}
},
然后您将能够运行以下nested查询:
{
"query": {
"nested": {
"path": "events",
"query": {
"bool": {
"must": [
{
"range": {
"events.date": {
"gte": "2020-06-08",
"lte": "2020-06-08"
}
}
},
{
"term": {
"events.event": "STARTED"
}
}
]
}
}
}
}
}